CLAIMS 

1 . A repeater device that is arranged in a network and 
includes a signature storage unit that stores signatures 
for controlling a passage of packets, and controls the 
passage of the packets based on the signatures stored in 
the signature storage unit, comprising: 

a priority order determining and providing unit that 
determines the priority orders of the signatures to be 
stored in the signature storage unit; and 

a packet controlling unit that selects a signature 
from the signature storage unit in the order of high 
priority order as determined by the priority order 
determining unit and controls the passage of the packet 
based on selected signature. 

2 . The repeater device according to claim 1 , wherein 
the signature storage unit stores automatically 

generated signatures that are generated automatically 
according to predetermined conditional judgments and set 
signatures set by a manager of the network, and 

the priority order determining unit provides priority 
orders to the automatically generated signatures and the 
set signatures to be stored in the signature storage unit 
with the set signatures being provided with higher priority 
orders than the automatically generated signatures. 

3 . The repeater device according to claim 1 or 2 , wherein 
the signature storage unit stores a plurality of 

signatures for restricting the passage of the packets 
within predetermined ranges, and 

the priority order determining unit provides priority 
orders to the signatures to be stored in the signature 
storage unit with higher priority orders being provided to 
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signatures of more stringent restriction ranges. 

4. The repeater device according to claim 1, further 
comprising: 

5 a suspicious signature generating unit that. detects a 

suspicious attacking packet based on predetermined 
suspicious attack detection conditions and generates a 
suspicious signature for restricting the suspicious 
attacking packet; and 
10 wherein, when a suspicious signature is generated by 

the suspicious signature generating unit, the priority- 
order determining unit stores the suspicious signature in 
the signature storage unit upon providing a priority order 
to the suspicious signature. 

15 

5. The repeater device according to claim 1, further 
comprising : 

a legitimate signature generating unit that generates 
legitimate signatures for enabling valid packets based on 
20 predetermined legitimacy conditions; and 

wherein, when a legitimate signature is generated by 
the legitimate signature generating unit, the priority 
order determining unit stores the legitimate signature in 
the signature storage unit upon providing a priority order 
25 to the legitimate signature. 

6. The repeater device according to claim 1, further 
comprising : 

an illegitimate signature generating unit that detects 
30 an illegitimate packet based on predetermined illegitimate 
traffic detection conditions and generates an illegitimate 
signature for restricting the illegitimate packet; and 

wherein, when an illegitimate signature is generated 
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by the illegitimate signature generating unit, the priority 
order determining unit stores the illegitimate signature in 
the signature storage unit upon providing a priority order 
to the illegitimate signature. 

5 

7. The repeater device according to claim 1, further 
comprising: 

a signature receiving unit that receives suspicious 
signatures, for restricting suspicious attacking packets, 
10 from other repeater devices; and 

wherein, when a suspicious signature is received by 
the signature generating unit, the priority order 
determining unit stores the suspicious signature in the 
signature storage unit upon providing a priority order to 
15 the suspicious signature. 

8. The repeater device according to claim 1, further 
comprising : 

a legitimate signature generating unit that generates 
20 legitimate signatures for enabling valid packets based on 

predetermined legitimacy conditions received from the other 
repeater devices; and 

wherein, when a legitimate signature is generated by 
the legitimate signature generating unit, the priority 
25 order determining unit stores the legitimate signature in 
the signature storage unit upon providing a priority order 
to the legitimate signature. 

9. The repeater device according to claim 1, further 
30 comprising: 

a signature input unit that receives and inputs 
signatures from a network manager; and 

wherein, when a signature is input by the signature 
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input unit, the priority order determining unit stores the 
signature in the signature storage unit upon providing a 
priority order to the signature. 

5 10. A network attack protection system that includes a 
signature storage unit that stores signatures for 
controlling a passage of packets, and controls the passage 
of the packets based on the signatures stored in the 
signature storage unit, comprising: 

10 a priority order determining and providing unit that 

determines the priority orders of the signatures to be 
stored in the signature storage unit; and 

a packet controlling unit that selects a signature 
from the signature storage unit in the order of high 

15 priority order as determined by the priority order 

determining unit and controls the passage of the packet 
based on selected signature. 

11. A relaying method realized on a device that is 
20 arranged in a network and that includes a signature storage 
unit that stores signatures for controlling a passage of 
packets, and controls the passage of the packets based on 
the signatures stored in the signature storage unit, 
comprising: 

25 a priority order determining and providing unit step 

of determining the priority orders of the signatures to be 

stored in the signature storage unit; and 

a packet controlling step of selecting a signature 

from the signature storage unit in the order of high 
30 priority order as determined by the priority order 

determining unit and controls the passage of the packet 

based on selected signature. 
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12. The relaying method according to claim 11, wherein 
the signature storage unit stores automatically 

generated signatures that are generated automatically 
according to predetermined conditional judgments and set 
5 signatures set by a manager of the network, and 

the priority order determining step includes providing 
priority orders to the automatically generated signatures 
and the set signatures to be stored in the signature 
storage unit with the set signatures being provided with 
10 higher priority orders than the automatically generated 
signatures. 

13. The relaying method according to claim 11 or 12, 
wherein 

15 the signature storage unit stores a plurality of 

signatures for restricting the passage of the packets 

within predetermined ranges, and 

the priority order determining step includes providing 

priority orders to the signatures to be stored in the 
20 signature storage unit with higher priority orders being 

provided to signatures of more stringent restriction ranges. 

14. A relaying program that causes a signature storage 
unit to store signatures for controlling a passage of 

25 packets, and controls the passage of the packets based on 
the signatures stored in the signature storage unit, 
comprising : 

a priority order determining and providing unit 
process of determining the priority orders of the 
30 signatures to be stored in the signature storage unit; and 

a packet controlling process of selecting a signature 
from the signature storage unit in the order of high 
priority order as determined by the priority order 
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determining unit and controls the passage of the packet 
based on selected signature. 

15. The relaying program according to claim 14, wherein 
5 the signature storage unit stores automatically 

generated signatures that are generated automatically 
according to predetermined conditional judgments and set 
signatures set by . a manager of the network, and 

the priority order determining step includes providing 
10 priority orders to the automatically generated signatures 
and the set signatures to be stored in the signature 
storage unit with the set signatures being provided with 
higher priority orders than the automatically generated 
signatures . 

15 

16. The relaying program according to claim 14 or 15, 
wherein 

the signature storage unit stores a plurality of 
signatures for restricting the passage of the packets 
20 within predetermined ranges, and 

the priority order determining step includes providing 
priority orders to the signatures to be stored in the 
signature storage unit with higher priority orders being 
provided to signatures of more stringent restriction ranges. 



